arno/bitcoinbook
1
0
Fork 0
mirror of https://github.com/bitcoinbook/bitcoinbook synced 2025-01-27 16:11:13 +00:00
Code Issues Releases Wiki Activity

Edited ch04_keys.adoc with Atlas code editor

Browse Source
This commit is contained in:
clenser 2023-10-17 17:41:48 +00:00
parent e7c5de6f94
commit 2334f6af9f
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ch04_keys.adoc
View File

@ -944,21 +944,21 @@ Legacy addresses were supplanted by the bech32 family of ((("redemption scripts"
[[p2sh_collision_attacks]] [[p2sh_collision_attacks]]
.P2SH Collision Attacks .P2SH Collision Attacks
**** ****
All addresses based on hash functions are theoretically vulnerable to an All addresses ((("collision attacks", id="collision")))based on hash functions are theoretically vulnerable to an
attacker independently finding the same input that produced the hash attacker independently finding the same input that produced the hash
function output (commitment). In the case of Bitcoin, if they find the function output (commitment). In the case of Bitcoin, if they find the
input the same way the original user did, they'll know the user's private input the same way the original user did, they'll know the user's private
key and be able to spend that user's bitcoins. The chance of an attacker key and be able to spend that user's bitcoins. The chance of an attacker
independently generating the input for an existing commitment is independently generating the input for an existing commitment is
proportional to the strength of the hash algorithm. For a secure proportional to the strength of the hash algorithm. For a secure
160-bit algorithm like HASH160, the probability is 1-in-2^160^. This is 160-bit algorithm like HASH160, the probability is 1-in-2^160^. This ((("preimage attacks")))is
a _preimage attack_. a _preimage attack_.
An attacker can also try to generate two different inputs (e.g., redeem An attacker can also try to generate two different inputs (e.g., redeem
scripts) that produce the same commitment. For addresses created scripts) that produce the same commitment. For addresses created
entirely by a single party, the chance of an attacker generating a entirely by a single party, the chance of an attacker generating a
different input for an existing commitment is also about 1-in-2^160^ for different input for an existing commitment is also about 1-in-2^160^ for
the HASH160 algorithm. This is a _second preimage attack_. the HASH160 algorithm. This is((("second preimage attacks"))) a _second preimage attack_.
However, this changes when an attacker is able to influence the original input However, this changes when an attacker is able to influence the original input
value. For example, an attacker participates in the creation of a value. For example, an attacker participates in the creation of a
@ -994,7 +994,7 @@ Bitcoin miners about 32 billion years.
Although we do not believe there is any immediate threat to anyone Although we do not believe there is any immediate threat to anyone
creating new P2SH addresses, we recommend all new wallets use newer creating new P2SH addresses, we recommend all new wallets use newer
types of addresses to eliminate address collision attacks((("public key cryptography", "hash functions and", startref="pub-key-hash2")))((("hash functions", "Bitcoin payments and", startref="hash-payment2")))((("payments", "with hash functions", secondary-sortas="hash functions", startref="payment-hash2")))((("P2SH (pay to script hash)", startref="p2sh"))) as a concern. types of addresses to eliminate address collision attacks((("public key cryptography", "hash functions and", startref="pub-key-hash2")))((("hash functions", "Bitcoin payments and", startref="hash-payment2")))((("payments", "with hash functions", secondary-sortas="hash functions", startref="payment-hash2")))((("P2SH (pay to script hash)", startref="p2sh")))((("collision attacks", startref="collision"))) as a concern.
**** ****
=== Bech32 Addresses === Bech32 Addresses